oss-sec mailing list archives

Re: with firefox on X11, any page can pastejack you anytime


From: Jeremy Stanley <fungi () yuggoth org>
Date: Thu, 19 Oct 2023 16:53:55 +0000

On 2023-10-19 17:04:10 +0100 (+0100), Sam Bull wrote:
> [...]
> Also a problem with shell security. If you paste something with
> line breaks into bash, it executes them. If you paste the same
> into fish, it doesn't (it'll display the multi-line input and
> expect you to hit the enter key to execute it as a command).

That observation may be outdated. At least my bash 5.2.15 on Debian
does not execute pasted newlines; it treats it as a multi-line
command and waits for an actual enter keypress (tested inside a few
different terminal emulators including vanilla xterm, so pretty sure
it's not being mitigated at that layer).
-- 
Jeremy Stanley
